LDAP Cheatsheet

LDAP stands for Lightweight Directory Access Protocol. It is similar to a database, but it is optimized for querying (reads) rather than for inserting (writes).

RDN (Relative Distinguished Name) is the string that uniquely identifies an entry relative to its parent in the directory.

DN (Distinguished Name) is the string formed by joining RDNs, which uniquely names an entry in the whole directory.

Normalization of DNs boils down to:

1. No whitespace surrounding '=' or '+' and no trailing space in RDNs
2. Escaping all special characters where necessary

LDAP attributes are multi-valued or single-valued according to their definition in the server schema. If an attribute is defined as multi-valued, newly assigned values are added to the existing values of that attribute; they do not replace the original value(s). If an attribute is defined as single-valued, a newly assigned value replaces the old one.

LDAP Search Components

  • Search Base defines the location (DN) where the search begins (e.g. search_base = dc=example, dc=org)
  • Filter determines which entries are returned, according to a condition
  • Result determines which attributes the returned entries should contain
The above is similar to a database query such as:

select result from base where filter;
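As an added example (not part of the original cheatsheet), the Python below implements the two DN normalization rules given earlier, RFC 4514 escaping of DN values, RFC 4515 escaping of filter values, and then assembles a search from the three components (base, filter, result). All function names are my own, the sample values are constructed, and only the standard library is used, so no LDAP server is needed to run it.

```python
import re

# RFC 4514: characters that must be escaped inside a DN attribute value.
_DN_SPECIAL = ',+"\\<>;'
# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside an RDN (rule 2 in the text)."""
    out = "".join("\\" + c if c in _DN_SPECIAL else c for c in value)
    if value.startswith((" ", "#")):   # a leading space or '#' must be escaped
        out = "\\" + out
    if value.endswith(" "):            # a trailing space must be escaped, too
        out = out[:-1] + "\\ "
    return out


def normalize_dn(dn: str) -> str:
    """Rule 1 in the text: no whitespace around '=' or '+', no trailing space
    in any RDN. Splits only on unescaped ',' and '+' so escaped separators in
    values survive (simplification: an escaped backslash directly before a
    separator is not handled)."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        pairs = []
        for pair in re.split(r"(?<!\\)\+", rdn):
            attr, _, val = pair.partition("=")
            val = re.sub(r"(?<!\\)\s+$", "", val.lstrip())  # keep an escaped '\ '
            pairs.append(f"{attr.strip()}={val}")
        rdns.append("+".join(pairs))
    return ",".join(rdns)


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so untrusted input cannot change the filter's structure."""
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def build_search(base: str, attr: str, value: str, result_attrs):
    """Assemble the three search components named in the text:
    base (normalized DN), filter (equality match on attr) and result attributes."""
    return {
        "base": normalize_dn(base),
        "filter": f"({attr}={escape_filter_value(value)})",
        "attributes": list(result_attrs),
    }
```

Calling `build_search("dc = example, dc = org", "uid", "alice*", ["cn", "mail"])` yields the base `dc=example,dc=org` and the filter `(uid=alice\2a)`, i.e. the wildcard in the input is neutralised rather than interpreted.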

LDAP is important for system administration because a centralized (even when distributed) store for logins, email addresses and other important information saves time and resources.
